Analysis

max time kernel: 145s
max time network: 141s
platform: windows10-2004_x64
resource: win10v2004-20240426-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
submitted: 26/05/2024, 10:43
Static task: static1

Behavioral task: behavioral1
  Sample: 7537e4873304128fc17548e6868ff87e_JaffaCakes118.html
  Resource: win7-20240508-en

Behavioral task: behavioral2
  Sample: 7537e4873304128fc17548e6868ff87e_JaffaCakes118.html
  Resource: win10v2004-20240426-en
General

Target: 7537e4873304128fc17548e6868ff87e_JaffaCakes118.html
Size: 67KB
MD5: 7537e4873304128fc17548e6868ff87e
SHA1: 56aa48ca3cf8122dd8dfcae1e551d05da0c41a27
SHA256: 312884627785209aa10001edcaa65bc30b4e6f4acc51a99e0c85249ee5d0bb95
SHA512: d5761424835105a62964bd64897c3531095951afa80a0cfe518bbb465ec156dda5328f2c2e355e9fe98299ff8d53e78c60d9b3496722b8c73e421857190c1485
SSDEEP: 1536:S7gAZPak2VcV4FfERFUEGXE64xB0C1CVQYK5BH2qJVjtKnzak:SMVVcV4wyU64xB0C4VQYwvJVjtKd
Malware Config
Signatures

Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                   Process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                    msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe

Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid   Process              entries
  2884  msedge.exe           2
  1100  msedge.exe           2
  2160  identity_helper.exe  2
  1584  msedge.exe           4

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (8 IoCs)
  pid   Process     entries
  1100  msedge.exe  8

Suspicious use of FindShellTrayWindow (25 IoCs)
  pid   Process     entries
  1100  msedge.exe  25

Suspicious use of SendNotifyMessage (24 IoCs)
  pid   Process     entries
  1100  msedge.exe  24

Suspicious use of WriteProcessMemory (64 IoCs)
  description                        pid   Process     procid_target
  PID 1100 wrote to memory of 800    1100  msedge.exe  84
  PID 1100 wrote to memory of 4544   1100  msedge.exe  85
  PID 1100 wrote to memory of 2884   1100  msedge.exe  86
  PID 1100 wrote to memory of 2344   1100  msedge.exe  87
  (each of these four rows is repeated in the original table; together they account for all 64 entries)
Processes (child processes are indented under their parent)

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\7537e4873304128fc17548e6868ff87e_JaffaCakes118.html
  PID: 1100
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8c93a46f8,0x7ff8c93a4708,0x7ff8c93a4718
      PID: 800

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1776,15367667350022637280,710133044664443406,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1872 /prefetch:2
      PID: 4544

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1776,15367667350022637280,710133044664443406,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2288 /prefetch:3
      PID: 2884
      - Suspicious behavior: EnumeratesProcesses

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1776,15367667350022637280,710133044664443406,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2780 /prefetch:8
      PID: 2344

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1776,15367667350022637280,710133044664443406,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
      PID: 3088

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1776,15367667350022637280,710133044664443406,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
      PID: 1576

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1776,15367667350022637280,710133044664443406,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5088 /prefetch:1
      PID: 1392

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1776,15367667350022637280,710133044664443406,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3788 /prefetch:1
      PID: 748

    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1776,15367667350022637280,710133044664443406,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5468 /prefetch:8
      PID: 392

    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1776,15367667350022637280,710133044664443406,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5468 /prefetch:8
      PID: 2160
      - Suspicious behavior: EnumeratesProcesses

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1776,15367667350022637280,710133044664443406,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5540 /prefetch:1
      PID: 2196

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1776,15367667350022637280,710133044664443406,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4788 /prefetch:1
      PID: 1576

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1776,15367667350022637280,710133044664443406,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5812 /prefetch:1
      PID: 4844

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1776,15367667350022637280,710133044664443406,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5828 /prefetch:1
      PID: 748

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1776,15367667350022637280,710133044664443406,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2788 /prefetch:2
      PID: 1584
      - Suspicious behavior: EnumeratesProcesses

C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 3540

C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 3636
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize: 152B
MD5: 4f7152bc5a1a715ef481e37d1c791959
SHA1: c8a1ed674c62ae4f45519f90a8cc5a81eff3a6d7
SHA256: 704dd4f98d8ca34ec421f23ba1891b178c23c14b3301e4655efc5c02d356c2bc
SHA512: 2e6b02ca35d76a655a17a5f3e9dbd8d7517c7dae24f0095c7350eb9e7bdf9e1256a7009aa8878f96c89d1ea4fe5323a41f72b8c551806dda62880d7ff231ff5c

Filesize: 152B
MD5: ea98e583ad99df195d29aa066204ab56
SHA1: f89398664af0179641aa0138b337097b617cb2db
SHA256: a7abb51435909fa2d75c6f2ff5c69a93d4a0ab276ed579e7d8733b2a63ffbee6
SHA512: e109be3466e653e5d310b3e402e1626298b09205d223722a82344dd78504f3c33e1e24e8402a02f38cd2c9c50d96a303ce4846bea5a583423937ab018cd5782f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize: 120B
MD5: 81d855f84aedf28db4fcad5b29decc55
SHA1: a67cfe0b217e5a524c5574dcf9f2b03ffab07365
SHA256: 164967879214ac3a682a559d15b7257b42e74f3b321b0826fdda2fdb015d8b2b
SHA512: f2075205e83c456cb8982ec950b020701985f33228ecf8d20c760d8ccd04be3a187d0990368f557e04229148df1471ff30772ab7cec43a62c4e95c12dfecd887

Filesize: 2KB
MD5: dafb98aecab4ace2f312c557ae5e9b53
SHA1: 01eb03b218fb060c1ad7e3f6c69a39d8c0bc3344
SHA256: aca5d0c24e47f9a2bdc6bf9d42e5a3a1e5992518058d006f31af01da3ca359a2
SHA512: 1e9a5f07d3b3cf535428af59faa474e07fc6fcc87255caf9a27b2543cdfa29aae0b06c66046b776812e19ed3933020fa1db893d3105db0d7014abcba622f5541

Filesize: 5KB
MD5: 70ffbf4378d8ba60adf136af782d8e13
SHA1: 7740bc64c4f25273a1e494c46547a182b4ac7f57
SHA256: 75bf005c2fd16a89bbc316d080a3a18fb185d519c3d7b156734ac3c871f6e98c
SHA512: 82f61bf052fd443e47d892b7c636671dcac78e8be049d43dd0e37cab0471c350b9b8ff14e48c537cf799678522e75f7e92dccd190ca35a3e3c7d0b92f7d52727

Filesize: 6KB
MD5: 557d4c784d42f5831215db048f01e63c
SHA1: 908af981c0dd52b8b4e60846b440103b8c00444f
SHA256: 93b5b91219db32bf1a8a1e3227c397b337f691b40d23fa7d41eed83444b09cae
SHA512: 858122331cf5ede38f02fe0ddc3ee0178767de4a834e254a95b75eadaafae4b1261817746d88ec92f6859e7dc0a91405298c1eb131a38aa8a6a1a02c9dc25402

Filesize: 16B
MD5: 6752a1d65b201c13b62ea44016eb221f
SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Filesize: 11KB
MD5: 13d9dc251debfe4fa7a03597641d60f4
SHA1: 2dc1c624e4e469f1cc36de04f7aee547f50bd61e
SHA256: 4eeab45f311a09761cd7d9dc708d8afa7398bcf5d7bd7fa2bfdc952c5731e2b2
SHA512: 0a2947bbaa4807e3cfb5b38a001c509f741134a8542e5c0805394af25f1685c989be1d8db5c4f9cecca6d97d66b2eecac641b621b591528aa85c08fe485c3823